package com.da.javatest.util.work;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Prevents SQL injection by rejecting input that matches a keyword/comment blocklist.
 */
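public class SqlInjectionUtil {
    /**
     * Blocklist of SQL fragments: a single quote, a {@code --} line comment, a slash-star
     * block comment, or any of the listed keywords as a whole word. This is a coarse input
     * filter; parameterized queries remain the defense at the query layer.
     */
    private static final String SQL_FRAGMENT_REGEX = "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|"
        + "(\\b(select|update|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|drop|execute)\\b)";

    /**
     * Compiled once; CASE_INSENSITIVE so {@code SELECT} and {@code select} are treated alike.
     */
    private static final Pattern SQL_PATTERN = Pattern.compile(SQL_FRAGMENT_REGEX, Pattern.CASE_INSENSITIVE);

    /**
     * Returns {@code value} unchanged when it contains none of the blocklisted fragments,
     * and the empty string when it contains at least one.
     *
     * @param value the untrusted input to check; {@code null} is returned as-is
     * @return {@code value}, or {@code ""} if a blocklisted fragment was found
     */
    public static String sqlInj(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        // The previous implementation did value.replaceAll(value, ""), which reinterprets the
        // untrusted input as a regex and throws PatternSyntaxException on inputs such as "select (".
        // The intended result on a match is simply the empty string.
        if (SQL_PATTERN.matcher(value).find()) {
            return "";
        }
        return value;
    }

    public static void main(String[] args) {
        String data = "or 1=1";
        System.out.println(sqlInj(data));

        data = "aaa";
        System.out.println(sqlInj(data));
    }
}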
